Splunk Data Administrator (Contract, 6+ months) – Melbourne
Title: Splunk Data Administrator
Location: Melbourne
Type: Contract (6 months +)
Required Skills and Experience
Splunk:
* Good understanding of Splunk architecture and its components (Search Heads, Indexers, Deployers).
* Experience in managing and troubleshooting Splunk distributed environments (clusters), and in Splunk upgrades and migrations.
Operating Systems & Cloud Platforms:
* Expertise in Linux systems, specifically RHEL and Amazon Linux.
* Experience with AWS services, including EC2, S3, IAM, VPC, Subnets, Security Groups and CloudWatch.
DevOps & Automation Tools:
* Experience with Jenkins pipelines and CI/CD processes, Ansible for configuration management and automation, Terraform for infrastructure provisioning.
* Ability to write custom Ansible playbooks and Terraform modules for system management, and to use scripting languages such as Bash, Python, or Shell for automation tasks.
Required Skills & Experience
* 5-10 years' experience with Splunk administration and data onboarding (or equivalent depth).
* Strong practical knowledge of:
  * CIM normalization, tags/eventtypes, datamodel alignment
  * Field extraction (regex, JSON/KV extraction), and troubleshooting parsing issues
  * props.conf / transforms.conf, sourcetypes, timestamps, line-breaking
  * TA installation/configuration and deployment patterns across Splunk tiers
* Experience with complex Splunk architectures:
  * Indexer clusters, SH/SHC, forwarder management, deployment server
  * Hybrid patterns (on-prem + cloud), connectivity, and ingestion strategies
* Comfortable writing and validating SPL for data quality and CIM compliance.
* Strong log source knowledge across common domains:
  * Security: EDR, firewall, proxy, IAM/auth, VPN, email security
  * Infrastructure: Windows, Linux, network devices, virtualization
  * Cloud: AWS/Azure/GCP logging patterns (nice-to-have)
Contact: 02 9412 4178 for more details.
www.ayaninfotech.com